mirror of
https://github.com/Smaug123/KaTeX
synced 2025-10-13 06:58:40 +00:00
[breaking] trust setting to indicate whether input text is trusted (#1794)
* trust option to indicate whether input text is trusted
* Revamp into trust contexts beyond just command
* Document new trust function style
* Fix screenshot testing
* Use trust setting in \url and \href
* Check `isTrusted` in `\url` and `\href` (so now disabled by default)
* Automatically compute `protocol` from `url` in `isTrusted`, so it doesn't need to be passed into every context.
* Document untrusted features in support list/table
* Existing tests trust by default
* remove allowedProtocols and fix flow errors
* remove 'allowedProtocols' from documentation
* add a comment about a flow error, rename urlToProtocol to protocolFromUrl
* add tests that use function version of trust option
* default trust to false in MathML tests
* fix test title, remove 'trust: false' from test settings since it's the default
committed by Kevin Barabash
parent fc79f79c78
commit 3800dc49c1
@@ -9,10 +9,11 @@ Of course, it is always a good idea to sanitize the HTML, though you will need
a rather generous whitelist (including some of SVG and MathML) to support
all of KaTeX.
Use `maxSize` option for preventing large width/height visual affronts,
use `maxExpand` for preventing infinite macro loop attacks, and
use `allowedProtocols` for preventing certain protocols in `\href`. Please
refer to [Options](options.md) for more details.
A variety of options give finer control over the security of KaTeX
with untrusted inputs; refer to [Options](options.md) for more details.
* `maxSize` can prevent large width/height visual affronts.
* `maxExpand` can prevent infinite macro loop attacks.
* `trust` can allow certain commands that are not always safe (e.g., `\includegraphics`)
The error message thrown by KaTeX may contain unescaped LaTeX source code.
See [Handling Errors](error.md) for more details.
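Review bot: the rewritten list drops the `allowedProtocols` guidance for `\href` without telling readers what replaces it. Since this commit gates `\url` and `\href` behind `trust` (disabled by default), the `trust` bullet should name them alongside `\includegraphics` and state the default, e.g. `* \`trust\` can allow certain commands that are not always safe (e.g., \`\includegraphics\`, \`\href\`, \`\url\`); they are disabled unless \`trust\` permits them.` That bullet is also the only one of the three without a terminating period.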